CVE-2018-10620: Buffer Overflow
First published: Thu Jul 19 2018(Updated: )
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AVEVA InduSoft Web Studio | =8.1 | |
| AVEVA InduSoft Web Studio | =8.1-sp1 | |
| Aveva Intouch Machine 2017 | =8.1 | |
| Aveva Intouch Machine 2017 | =8.1-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/104870
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01
- https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf
- https://www.tenable.com/security/research/tra-2018-19
- https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf
Frequently Asked Questions
What is the severity of CVE-2018-10620?
The severity of CVE-2018-10620 is critical with a score of 9.8.
What software versions are affected by CVE-2018-10620?
AVEVA InduSoft Web Studio versions 8.1 and 8.1 SP1, as well as InTouch Machine Edition versions 2017 8.1 and 2017 8.1 SP1 are affected.
How can a remote user exploit CVE-2018-10620?
A remote user can exploit CVE-2018-10620 by sending a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write.
What are the potential actions that can trigger the vulnerability in CVE-2018-10620?
The vulnerability in CVE-2018-10620 can be triggered during tag, alarm, or event related actions such as read and write.
Are there any fixes or patches available for CVE-2018-10620?
To fix CVE-2018-10620, it is recommended to refer to the security bulletin provided by AVEVA for the necessary updates.
- collector/nvd-index
- agent/references
- agent/severity
- agent/description
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/aveva
- canonical/aveva indusoft web studio
- version/aveva indusoft web studio/8.1
- version/aveva indusoft web studio/8.1-sp1
- canonical/aveva intouch machine 2017
- version/aveva intouch machine 2017/8.1
- version/aveva intouch machine 2017/8.1-sp1